This vulnerability allows a local attacker with SeImpersonatePrivilege to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client, but within the limits of the client's security context.
This problem has been fixed in version 20.02.00, so any later version will not be affected.
Panda Security would like to thank the researcher Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative for his dedication and effort in improving the safety of our products.
Panda Security Free Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability